Thread: cache: 777 vs 775 - security?
View Single Post

  #2 (permalink)  
Old 23-03-2007, 01:23 AM
niall's Avatar
niall niall is offline
Hosting Caretaker
Recent Blog: An Post Doing Something Right?
  
Join Date: Jan 2007
Location: Carlow
Posts: 68
Nominated 0 Times in 0 Posts
TOTW/F/M Award(s): 0
niall will become famous soon enough
Send a message via ICQ to niall Send a message via MSN to niall
Default
Quote:
Originally Posted by frankp View Post
It's ONLY the cache folder would be set to 777, every other folder in the directory is 755.

thanks for any help.
On most servers the apache server will run as the www-data or similar user. To give the apache user access to the cache directory you have to give it permissions of 777. While theoretically this can be a security hole, it's only really a security risk if you have other holes in your code which gives a script kiddie a method to execute something which he has managed to put in there.

There is also risk of another user on the same server having fun in the directory, but that's easier to track.

Just after doing a check on a multi-user server I help admin outside of work, the amount of 777 directories is impressive
__________________
Blog
Reply With Quote